WebApp Sec mailing list archives
Re: Simple to exploit SQL Injection ?
From: Yousef Syed <yousef.syed () gmail com>
Date: Mon, 28 Nov 2005 12:19:59 +0000
Hi Jason,

Try the following

Password: ' OR 1=1 --

That should give the following SQL:

'SELECT * FROM users WHERE username = 'xyz' AND password = '' OR 1=1 -- '

Since 1 always evaluates to 1, the rest of the SQL will be ignored and you should get the result you were expecting. Using the "--" comment will stop anything else after this from being evaluated. That should stop you getting any syntax errors.

ys

--
Yousef Syed
"One senior official said the consultancy "doesn't have the greatest of reputations among civil servants. They come and state the bleeding obvious using Powerpoint"."

On 28/11/05, Jason binger <cisspstudy () yahoo com> wrote:
> I am reviewing a .Net web application. When entering xyz for a username and ' for a password into a form I receive the following stack trace (extract):
>
> System.Exception: Can't Load DataReader using SQL string: 'SELECT * FROM users WHERE username = 'xyz' AND password = '''' -- Unclosed quotation mark before the character string '''. Line 1: Incorrect syntax near '''.
>
> Now I would have thought this would be easy to exploit, but I can't bypass the logon page. xyz is a valid username.
>
> Any ideas?
>
> Cheers
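
Added example, not part of the original thread or of the application under review: the login query from the stack trace built by concatenation, next to the same query with bound parameters, run against the two inputs discussed above. Python's sqlite3 stands in for the .NET application and its database; the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data. Plaintext passwords only mirror the query in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("xyz", "s3cret-xyz"), ("admin", "s3cret-admin")])
    return db

def login_concat(db, username, password):
    """'Before': the statement is built by string concatenation."""
    sql = ("SELECT * FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return sql, db.execute(sql).fetchall()

def login_param(db, username, password):
    """'After': placeholders bind the input as data, never as SQL text."""
    rows = db.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchall()
    # Treat anything other than exactly one matching row as a failed login.
    return rows[0] if len(rows) == 1 else None

if __name__ == "__main__":
    db = make_db()
    reply_input = "' OR 1=1 -- "   # password value quoted in the reply above
    sql, rows = login_concat(db, "xyz", reply_input)
    print(sql)
    # AND binds tighter than OR, so the WHERE clause is true for every row.
    print("concatenated:", len(rows), "rows returned")
    print("parameterized:", login_param(db, "xyz", reply_input))
    print("parameterized, real password:", login_param(db, "xyz", "s3cret-xyz"))
    try:
        login_concat(db, "xyz", "'")   # the lone quote from the original question
    except sqlite3.OperationalError as exc:
        print("concatenated, lone quote:", exc)
    print("parameterized, lone quote:", login_param(db, "xyz", "'"))
```

In the .NET application the equivalent fix is a parameterized command (SqlCommand with SqlParameter values) in place of the concatenated SQL string.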